IPAv2_201

May 2, 2011

The FreeIPA project team is pleased to announce the availability of the FreeIPA 2.0.1 server.

It is available in Fedora 15 and Fedora rawhide.

Known Issues

  • If the domain and realm do not match, you may need to use the --force flag with ipa-client-install.

  • Dogtag replication is done separately from IPA replication. The ipa-replica-manage tool does not currently operate on dogtag replication agreements.

  • By default, the OCSP URL encoded in dogtag certificates points to the CA machine that issued the certificate.

Changelog since 2.0.0

Endi S. Dewata (1):

  • Fixed undefined label in permission adder dialog box.

Jan Cholasta (10):

  • Fix wording of error message.

  • Add note about ipa-dns-install to ipa-server-install man page.

  • Fix typo in ipa-server-install.

  • Fix uninitialized variables.

  • Fix double definition of output_for_cli.

  • Add lint script for static code analysis.

  • Fix lint false positives.

  • Remove unused classes.

  • Fix some minor issues uncovered by pylint.

  • Fix uninitialized attributes.

Jr Aquino (4):

  • Escape LDAP characters in member and memberof searches

  • Add memberHost and memberUser to default indexes

  • Optimize and dynamically verify group membership

  • Delete the sudoers entry when disabling Schema Compat

Martin Kosek (12):

  • Inconsistent error message for duplicate user

  • Replica installation fails for self-signed server

  • Password policy commands do not include cospriority

  • Improve DNS PTR record validation

  • IPA replica is not started after the reboot

  • Improve Directory Service open port checker

  • Log temporary files in ipa-client-install

  • Prevent uninstalling client on the IPA server

  • pwpolicy-mod doesn’t accept old attribute values

  • Forbid reinstallation in ipa-client-install

  • ipa-client-install uninstall does not work on IPA server

  • LDAP Updater may crash IPA installer

Pavel Zuna (1):

  • Fix gidnumber option of user-add command.

Rob Crittenden (18):

  • Allow a client to enroll using principal when the host has an OTP

  • Make retrieval of the CA during DNS discovery non-fatal.

  • Cache the value of get_ipa_config() in the request context.

  • Change default gecos from uid to first and last name.

  • Fix ORDERING in some attributetypes and remove other unnecessary elements.

  • postalCode should be a string not an integer.

  • Fix traceback in ipa-nis-manage.

  • Suppress --on-master from ipa-client-install command-line and man page.

  • Sort entries returned by *-find by the primary key (if any).

  • The default groups we create should have ipaUniqueId set

  • Always ask members in LDAP*ReverseMember commands.

  • Provide attributelevelrights for the aci components in permission_show.

  • Wait for memberof task and DS to start before proceeding in installation.

  • Convert manager from userid to dn for storage and back for displaying.

  • Modify the default attributes shown in user-find to match the UI design.

  • Ensure that the zonemgr passed to the installer conforms to IA5String.

  • Handle principal not found errors when converting replication agreements

Simo Sorce (2):

  • Fix resource leaks.

  • ipautil: Preserve environment unless explicitly overridden by caller.